What is Dark Web Monitoring in Spanning Backup for Office 365
Spanning Backup for Office 365 Dark Web Monitoring is a premium feature for securing your Office 365 tenant and other properties from compromised credentials that have been detected on the dark web. Dark Web Monitoring alerts Office 365 administrators when their employee's emails and passwords have been compromised enabling them to take proactive steps to secure accounts at risk. They can then leverage Office 365’s powerful audit reporting and Spanning search capabilities to determine if malicious activity has taken place and restore any corrupted data in just a few clicks.
Why can I see passwords in the list of compromised credentials?
When Spanning Backup for Office 365 receives breach data for a domain it may include the entire plain text password or a password hash. Spanning truncates the password to 10 characters and masks the last 5 before we store it in our database or show it to an administrator. We feel that the IT Admin doesn't need the whole password to have the conversation with the person who is breached. They can say "Do you still use a password that starts with 'passw*****'?" And still have a meaningful conversation about the significance of strong passwords and password security.
Why are there accounts in the list that are not in Azure Active Directory?
Spanning Backup for Office 365 Dark Web Monitoring is domain level protection. Domains in the tenant are evaluated for compromised credentials and the result of the monitoring can result in accounts that are associated with your domain but may not be an active account in Azure Active Directory. For example, the Acme Corp Marketing department maintains a social media presence using “email@example.com”. This marketing address is not associated with an Azure Active Directory account, it is just an email alias. This email address and the password “mypass@word” are used to secure Canva, Twitter, Facebook, and Instagram. If these credentials are part of the Instagram or Canva breaches, they would appear in the Dark Web Monitoring report as “firstname.lastname@example.org” and “mypas*****”. Even though there is no user account in Azure AD this breached account represents a risk to the Acme Corp social media presence if the password is reused.